ID CVE-2016-1732 Type cve Reporter cve@mitre.org Modified 2016-12-03T03:22:00
Description
AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.
{"openvas": [{"lastseen": "2019-07-17T14:25:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1746", "CVE-2016-1734", "CVE-2015-8659", "CVE-2016-1773", "CVE-2015-8126", "CVE-2016-1768", "CVE-2016-1758", "CVE-2015-5312", "CVE-2016-1761", "CVE-2015-3195", "CVE-2016-1744", "CVE-2016-1762", "CVE-2016-1737", "CVE-2016-1765", "CVE-2015-7551", "CVE-2016-1738", "CVE-2016-1756", "CVE-2016-1747", "CVE-2016-1752", "CVE-2016-1736", "CVE-2016-1740", "CVE-2016-1743", "CVE-2016-1775", "CVE-2016-1749", "CVE-2015-7500", "CVE-2016-0802", "CVE-2015-8242", "CVE-2016-1770", "CVE-2016-1757", "CVE-2015-1819", "CVE-2015-7499", "CVE-2016-1741", "CVE-2016-1759", "CVE-2016-1745", "CVE-2016-1732", "CVE-2016-1769", "CVE-2016-1754", "CVE-2015-0973", "CVE-2016-1950", "CVE-2016-1750", "CVE-2016-1748", "CVE-2014-9495", "CVE-2016-0801", "CVE-2015-8472", "CVE-2016-1764", "CVE-2016-0778", "CVE-2016-1755", "CVE-2016-1767", "CVE-2016-1753", "CVE-2016-1733", "CVE-2016-1788", "CVE-2016-1735", "CVE-2015-7942", "CVE-2015-8035", "CVE-2016-0777"], "description": "This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.", "modified": "2019-07-05T00:00:00", "published": "2016-04-01T00:00:00", "id": "OPENVAS:1361412562310806693", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806693", "type": "openvas", "title": "Apple Mac OS X Multiple Vulnerabilities-01 March-2016", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Mac OS X Multiple Vulnerabilities-01 March-2016\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806693\");\n script_version(\"2019-07-05T09:12:25+0000\");\n script_cve_id(\"CVE-2015-7551\", \"CVE-2016-1733\", \"CVE-2016-1732\", \"CVE-2016-1734\",\n \"CVE-2016-1735\", \"CVE-2016-1736\", \"CVE-2016-1737\", \"CVE-2016-1740\",\n \"CVE-2016-1738\", \"CVE-2016-1741\", \"CVE-2016-1743\", \"CVE-2016-1744\",\n \"CVE-2016-1745\", \"CVE-2016-1746\", \"CVE-2016-1747\", \"CVE-2016-1748\",\n \"CVE-2016-1749\", \"CVE-2016-1752\", \"CVE-2016-1753\", \"CVE-2016-1754\",\n \"CVE-2016-1755\", \"CVE-2016-1756\", \"CVE-2016-1757\", \"CVE-2016-1758\",\n \"CVE-2016-1759\", \"CVE-2016-1761\", \"CVE-2016-1764\", \"CVE-2016-1765\",\n \"CVE-2016-1767\", \"CVE-2016-1768\", \"CVE-2016-1769\", \"CVE-2016-1770\",\n \"CVE-2016-1773\", \"CVE-2016-1775\", \"CVE-2016-1750\", \"CVE-2016-1788\",\n \"CVE-2015-8126\", \"CVE-2015-8472\", \"CVE-2015-8659\", \"CVE-2015-1819\",\n \"CVE-2015-5312\", \"CVE-2015-7499\", \"CVE-2015-7500\", \"CVE-2015-7942\",\n \"CVE-2015-8035\", \"CVE-2015-8242\", \"CVE-2016-1762\", \"CVE-2016-0777\",\n \"CVE-2016-0778\", \"CVE-2015-3195\", \"CVE-2014-9495\", \"CVE-2015-0973\",\n \"CVE-2016-1950\", \"CVE-2016-0801\", \"CVE-2016-0802\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:12:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-04-01 13:19:28 +0530 (Fri, 01 Apr 2016)\");\n script_name(\"Apple Mac OS X Multiple Vulnerabilities-01 March-2016\");\n\n script_tag(name:\"summary\", value:\"This host is running Apple Mac OS X and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists. For details\n refer the reference links.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker\n to execute arbitrary code or cause a denial of service (memory corruption),\n gain access to potentially sensitive information, trigger a dialing action,\n bypass a code-signing protection mechanism.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.11.x before\n 10.11.4, 10.9.x through 10.9.5, 10.10.x through 10.10.5\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Apple Mac OS X version\n 10.11.4 or later, or apply aptch from vendor.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT206167\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.(9|1[01])\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName || \"Mac OS X\" >!< osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.(9|1[01])\"){\n exit(0);\n}\n\nif(version_in_range(version:osVer, test_version:\"10.9\", test_version2:\"10.9.4\")||\n version_in_range(version:osVer, test_version:\"10.10\", test_version2:\"10.10.4\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n}\n\nelse if((osVer == \"10.10.5\") || (osVer == \"10.9.5\"))\n{\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n if(!buildVer){\n exit(0);\n }\n if(osVer == \"10.10.5\" && version_is_less(version:buildVer, test_version:\"14F1713\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n else if(osVer == \"10.9.5\" && version_is_less(version:buildVer, test_version:\"13F1712\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n}\n\nelse if(osVer =~ \"^10\\.11\")\n{\n if(version_is_less(version:osVer, test_version:\"10.11.4\")){\n fix = \"10.11.4\";\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T03:23:25", "description": "The remote host is running a version of Mac OS X that is 10.11.x prior\nto 10.11.4. It is, therefore, affected by multiple vulnerabilities in\nthe following components :\n\n - apache_mod_php\n - AppleRAID\n - AppleUSBNetworking\n - Bluetooth\n - Carbon\n - dyld\n - FontParser\n - HTTPProtocol\n - Intel Graphics Driver\n - IOFireWireFamily\n - IOGraphics\n - IOHIDFamily\n - IOUSBFamily\n - Kernel\n - libxml2\n - Messages\n - NVIDIA Graphics Drivers\n - OpenSSH\n - OpenSSL\n - Python\n - QuickTime\n - Reminders\n - Ruby\n - Security\n - Tcl\n - TrueTypeScaler\n - Wi-Fi\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.", "edition": 25, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-03-22T00:00:00", "title": "Mac OS X 10.11.x < 10.11.4 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1746", "CVE-2016-1734", "CVE-2015-8659", "CVE-2016-1773", "CVE-2015-8126", "CVE-2016-1768", "CVE-2016-1758", "CVE-2015-5312", "CVE-2016-1761", "CVE-2015-3195", "CVE-2016-1744", "CVE-2016-1762", "CVE-2016-1737", "CVE-2015-7551", "CVE-2016-1738", "CVE-2016-1756", "CVE-2016-1747", "CVE-2016-1752", "CVE-2016-1736", "CVE-2016-1740", "CVE-2016-1743", "CVE-2016-1775", "CVE-2016-1749", "CVE-2015-7500", "CVE-2016-0802", "CVE-2015-8242", "CVE-2016-1770", "CVE-2016-1757", "CVE-2015-1819", "CVE-2015-7499", "CVE-2016-1741", "CVE-2016-1759", "CVE-2016-1745", "CVE-2016-1732", "CVE-2016-1769", "CVE-2016-1754", "CVE-2015-0973", "CVE-2016-1950", "CVE-2016-1750", "CVE-2016-1748", "CVE-2014-9495", "CVE-2016-0801", "CVE-2015-8472", "CVE-2016-1764", "CVE-2016-0778", "CVE-2016-1755", "CVE-2016-1767", "CVE-2016-1753", "CVE-2016-1733", "CVE-2016-1788", "CVE-2016-1735", "CVE-2015-7942", "CVE-2015-8035", "CVE-2016-0777"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_11_4.NASL", "href": "https://www.tenable.com/plugins/nessus/90096", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90096);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2014-9495\",\n \"CVE-2015-0973\",\n \"CVE-2015-1819\",\n \"CVE-2015-3195\",\n \"CVE-2015-5312\",\n \"CVE-2015-7499\",\n \"CVE-2015-7500\",\n \"CVE-2015-7551\",\n \"CVE-2015-7942\",\n \"CVE-2015-8035\",\n \"CVE-2015-8126\",\n \"CVE-2015-8242\",\n \"CVE-2015-8472\",\n \"CVE-2015-8659\",\n \"CVE-2016-0777\",\n \"CVE-2016-0778\",\n \"CVE-2016-0801\",\n \"CVE-2016-0802\",\n \"CVE-2016-1732\",\n \"CVE-2016-1733\",\n \"CVE-2016-1734\",\n \"CVE-2016-1735\",\n \"CVE-2016-1736\",\n \"CVE-2016-1737\",\n \"CVE-2016-1738\",\n \"CVE-2016-1740\",\n \"CVE-2016-1741\",\n \"CVE-2016-1743\",\n \"CVE-2016-1744\",\n \"CVE-2016-1745\",\n \"CVE-2016-1746\",\n \"CVE-2016-1747\",\n \"CVE-2016-1748\",\n \"CVE-2016-1749\",\n \"CVE-2016-1750\",\n \"CVE-2016-1752\",\n \"CVE-2016-1753\",\n \"CVE-2016-1754\",\n \"CVE-2016-1755\",\n \"CVE-2016-1756\",\n \"CVE-2016-1757\",\n \"CVE-2016-1758\",\n \"CVE-2016-1759\",\n \"CVE-2016-1761\",\n \"CVE-2016-1762\",\n \"CVE-2016-1764\",\n \"CVE-2016-1767\",\n \"CVE-2016-1768\",\n \"CVE-2016-1769\",\n \"CVE-2016-1770\",\n \"CVE-2016-1773\",\n \"CVE-2016-1775\",\n \"CVE-2016-1788\",\n \"CVE-2016-1950\"\n );\n script_bugtraq_id(\n 71820,\n 71994,\n 75570,\n 77390,\n 77568,\n 77681,\n 78624,\n 78626,\n 79507,\n 79509,\n 79536,\n 79562,\n 80438,\n 80695,\n 80698\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2016-03-21-5\");\n\n script_name(english:\"Mac OS X 10.11.x < 10.11.4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X that is 10.11.x prior\nto 10.11.4. It is, therefore, affected by multiple vulnerabilities in\nthe following components :\n\n - apache_mod_php\n - AppleRAID\n - AppleUSBNetworking\n - Bluetooth\n - Carbon\n - dyld\n - FontParser\n - HTTPProtocol\n - Intel Graphics Driver\n - IOFireWireFamily\n - IOGraphics\n - IOHIDFamily\n - IOUSBFamily\n - Kernel\n - libxml2\n - Messages\n - NVIDIA Graphics Drivers\n - OpenSSH\n - OpenSSL\n - Python\n - QuickTime\n - Reminders\n - Ruby\n - Security\n - Tcl\n - TrueTypeScaler\n - Wi-Fi\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT206167\");\n # http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6c87f79a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X version 10.11.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1761\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os)\n audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70)\n exit(1, \"Cannot determine the host's OS with sufficient confidence.\");\n}\nif (!os)\n audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nmatch = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (isnull(match)) exit(1, \"Failed to parse the Mac OS X version ('\" + os + \"').\");\n\nversion = match[1];\n\nif (\n version !~ \"^10\\.11([^0-9]|$)\"\n) audit(AUDIT_OS_NOT, \"Mac OS X 10.11 or later\", \"Mac OS X \"+version);\n\nfix = \"10.11.4\";\nif (ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n items = make_array(\"Installed version\", version,\n \"Fixed version\", fix\n );\n order = make_list(\"Installed version\", \"Fixed version\");\n report = report_items_str(report_items:items, ordered_fields:order);\n\n security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);\n exit(0);\n\n }\nelse\n audit(AUDIT_INST_VER_NOT_VULN, \"Mac OS X\", version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "apple": [{"lastseen": "2020-12-24T20:43:08", "bulletinFamily": "software", "cvelist": ["CVE-2016-1746", "CVE-2016-1734", "CVE-2015-8659", "CVE-2016-1773", "CVE-2015-8126", "CVE-2016-1768", "CVE-2016-1758", "CVE-2015-5312", "CVE-2016-1761", "CVE-2015-3195", "CVE-2016-1744", "CVE-2016-1762", "CVE-2016-1737", "CVE-2015-7551", "CVE-2016-1738", "CVE-2016-1756", "CVE-2015-5334", "CVE-2016-1747", "CVE-2016-1752", "CVE-2016-1736", "CVE-2016-1740", "CVE-2016-1743", "CVE-2016-1775", "CVE-2016-1749", "CVE-2015-7500", "CVE-2016-0802", "CVE-2015-8242", "CVE-2016-1770", "CVE-2016-1757", "CVE-2015-1819", "CVE-2015-7499", "CVE-2016-1741", "CVE-2016-1759", "CVE-2016-1745", "CVE-2016-1732", "CVE-2016-1769", "CVE-2016-1754", "CVE-2015-0973", "CVE-2016-1950", "CVE-2016-1750", "CVE-2016-1748", "CVE-2014-9495", "CVE-2016-0801", "CVE-2015-8472", "CVE-2016-1764", "CVE-2016-0778", "CVE-2016-1755", "CVE-2016-1767", "CVE-2015-5333", "CVE-2016-1753", "CVE-2016-1733", "CVE-2016-1788", "CVE-2016-1735", "CVE-2015-7942", "CVE-2015-8035", "CVE-2016-0777"], "description": "For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the [Apple Product Security](<https://www.apple.com/support/security/>) website.\n\nFor information about the Apple Product Security PGP Key, see [How to use the Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).\n\nWhere possible, [CVE IDs](<http://cve.mitre.org/about/>) are used to reference the vulnerabilities for further information.\n\nTo learn about other security updates, see [Apple security updates](<https://support.apple.com/kb/HT201222>).\n\n## OS X El Capitan 10.11.4 and Security Update 2016-002\n\n * **apache_mod_php**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3\n\nImpact: Processing a maliciously crafted .png file may lead to arbitrary code execution\n\nDescription: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20.\n\nCVE-ID\n\nCVE-2015-8126 : Adam Mari\u0161\n\nCVE-2015-8472 : Adam Mari\u0161\n\n * **AppleRAID**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team\n\n * **AppleRAID**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: A local user may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team\n\n * **AppleUSBNetworking**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: A USB device may be able to cause a denial of service\n\nDescription: An error handling issue existed in packet validation. This issue was addressed through improved error handling.\n\nCVE-ID\n\nCVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path\n\n * **Bluetooth**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1735 : Jeonghoon Shin@A.D.D\n\nCVE-2016-1736 : beist and ABH of BoB\n\n * **Carbon**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution\n\nDescription: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.\n\nCVE-ID\n\nCVE-2016-1737 : HappilyCoded (ant4g0nist &r3dsm0k3)\n\n * **dyld**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context\n\nDescription: A code signing verification issue existed in dyld. This issue was addressed with improved validation.\n\nCVE-ID\n\nCVE-2016-1738 : beist and ABH of BoB\n\n * **FontParser**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **HTTPProtocol**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: A remote attacker may be able to execute arbitrary code\n\nDescription: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0.\n\nCVE-ID\n\nCVE-2015-8659\n\n * **Intel Graphics Driver**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1743 : Piotr Bania of Cisco Talos\n\nCVE-2016-1744 : Ian Beer of Google Project Zero\n\n * **IOFireWireFamily**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: A local user may be able to cause a denial of service\n\nDescription: A null pointer dereference was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1745 : sweetchip of Grayhash\n\n * **IOGraphics**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A memory corruption issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)\n\nCVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **IOHIDFamily**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to determine kernel memory layout\n\nDescription: A memory corruption issue was addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1748 : Brandon Azad\n\n * **IOUSBFamily**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **Kernel**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A use after free issue was addressed through improved memory management.\n\nCVE-ID\n\nCVE-2016-1750 : CESG\n\n * **Kernel**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A race condition existed during the creation of new processes. This was addressed through improved state handling.\n\nCVE-ID\n\nCVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vila\u00e7a\n\n * **Kernel**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: A null pointer dereference was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team\n\n * **Kernel**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\n\nCVE-2016-1755 : Ian Beer of Google Project Zero\n\nCVE-2016-1759 : lokihardt\n\n * **Kernel**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to determine kernel memory layout\n\nDescription: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1758 : Brandon Azad\n\n * **Kernel**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple integer overflows were addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **Kernel**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to cause a denial of service\n\nDescription: A denial of service issue was addressed through improved validation.\n\nCVE-ID\n\nCVE-2016-1752 : CESG\n\n * **libxml2**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3\n\nImpact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2015-1819\n\nCVE-2015-5312 : David Drysdale of Google\n\nCVE-2015-7499\n\nCVE-2015-7500 : Kostya Serebryany of Google\n\nCVE-2015-7942 : Kostya Serebryany of Google\n\nCVE-2015-8035 : gustavo.grieco\n\nCVE-2015-8242 : Hugh Davenport\n\nCVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI)\n\nCVE-2016-1762\n\n * **Messages**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: Clicking a JavaScript link can reveal sensitive user information\n\nDescription: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks.\n\nCVE-ID\n\nCVE-2016-1764 : Matthew Bryant of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox\n\n * **Messages**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments\n\nDescription: A cryptographic issue was addressed by rejecting duplicate messages on the client.\n\nCVE-ID\n\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University\n\n * **NVIDIA Graphics Drivers**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An application may be able to execute arbitrary code with kernel privileges\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1741 : Ian Beer of Google Project Zero\n\n * **OpenSSH**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3\n\nImpact: Connecting to a server may leak sensitive user information, such as a client's private keys\n\nDescription: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client.\n\nCVE-ID\n\nCVE-2016-0777 : Qualys\n\nCVE-2016-0778 : Qualys\n\n * **OpenSSH**\n\nAvailable for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\n\nImpact: Multiple vulnerabilities in LibreSSL\n\nDescription: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8.\n\nCVE-ID\n\nCVE-2015-5333 : Qualys\n\nCVE-2015-5334 : Qualys\n\n * **OpenSSL**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh.\n\nCVE-ID\n\nCVE-2015-3195\n\n * **Python**\n\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3\n\nImpact: Processing a maliciously crafted .png file may lead to arbitrary code execution\n\nDescription: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20.\n\nCVE-ID\n\nCVE-2014-9495\n\nCVE-2015-0973\n\nCVE-2015-8126 : Adam Mari\u0161\n\nCVE-2015-8472 : Adam Mari\u0161\n\n * **QuickTime**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1767 : Francis Provencher from COSIG\n\nCVE-2016-1768 : Francis Provencher from COSIG\n\n * **QuickTime**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution\n\nDescription: Multiple memory corruption issues were addressed through improved memory handling.\n\nCVE-ID\n\nCVE-2016-1769 : Francis Provencher from COSIG\n\n * **Reminders**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: Clicking a tel link can make a call without prompting the user\n\nDescription: A user was not prompted before invoking a call. This was addressed through improved entitlement checks.\n\nCVE-ID\n\nCVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca\n\n * **Ruby**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: A local attacker may be able to cause unexpected application termination or arbitrary code execution\n\nDescription: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648.\n\nCVE-ID\n\nCVE-2015-7551\n\n * **Security**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: A local user may be able to check for the existence of arbitrary files\n\nDescription: A permissions issue existed in code signing tools. This was addressed though additional ownership checks.\n\nCVE-ID\n\nCVE-2016-1773 : Mark Mentovai of Google Inc.\n\n * **Security**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: Processing a maliciously crafted certificate may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\n * **Tcl**\n\nAvailable for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3\n\nImpact: Processing a maliciously crafted .png file may lead to arbitrary code execution\n\nDescription: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by removing libpng.\n\nCVE-ID\n\nCVE-2015-8126\n\n * **TrueTypeScaler**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: Processing a maliciously crafted font file may lead to arbitrary code execution\n\nDescription: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.\n\nCVE-ID\n\nCVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)\n\n * **Wi-Fi**\n\nAvailable for: OS X El Capitan v10.11 to v10.11.3\n\nImpact: An attacker with a privileged network position may be able to execute arbitrary code\n\nDescription: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling.\n\nCVE-ID\n\nCVE-2016-0801 : an anonymous researcher\n\nCVE-2016-0802 : an anonymous researcher\n\nOS X El Capitan 10.11.4 includes the security content of [Safari 9.1](<https://support.apple.com/kb/HT206171>).\n", "edition": 2, "modified": "2017-01-23T03:54:34", "published": "2017-01-23T03:54:34", "id": "APPLE:HT206167", "href": "https://support.apple.com/kb/HT206167", "title": "About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 - Apple Support", "type": "apple", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
